[PATCH v2 0/5] liveupdate: validate restored LUO metadata
Pasha Tatashin
pasha.tatashin at soleen.com
Fri May 1 12:34:25 PDT 2026
On 05-02 01:30, Cris Jacob Maamor wrote:
> LUO restores metadata from KHO/FDT during liveupdate. The restored
> metadata contains physical addresses and count fields used to access and
> walk preserved session, file set, and FLB arrays.
>
> This series adds a non-consuming KHO preserved-range check and uses it
> before phys_to_virt() on restored metadata addresses. It also rejects
> restored counts above LUO_SESSION_MAX, LUO_FILE_MAX, and LUO_FLB_MAX
> before traversal.
>
> As far as I can tell, this is root/admin-only; I do not have evidence
> that a normal unprivileged user can trigger it directly.
>
> Changes since v1:
> - Dropped RFC marking.
> - Added changelog text to each patch.
> - No code changes.
>
> Cris Jacob Maamor (5):
> kexec: handover: add helper to check preserved page ranges
> liveupdate: validate LUO FDT physical address before mapping
> liveupdate: validate restored LUO session metadata
> liveupdate: validate restored LUO file set metadata
> liveupdate: validate restored LUO FLB metadata
I have replied separately in the security report to clarify that this is
not a bug. The behavior follows the ABI specification exactly: we use
the PA addresses and ranges provided by the KHO FDT tree.
NAK
>
> include/linux/kexec_handover.h | 6 +++++
> kernel/liveupdate/kexec_handover.c | 35 ++++++++++++++++++++++++++++++
> kernel/liveupdate/luo_core.c | 10 ++++++++-
> kernel/liveupdate/luo_file.c | 14 ++++++++++--
> kernel/liveupdate/luo_flb.c | 23 +++++++++++++++++++-
> kernel/liveupdate/luo_session.c | 22 +++++++++++++++++--
> 6 files changed, 104 insertions(+), 6 deletions(-)
>
> --
> 2.53.0
>
More information about the kexec
mailing list